U.S. adversaries increasingly turning to cybercriminals and their malware for help
Governments of the United States’ chief adversaries in cyberspace, especially Russia, have increasingly been relying on cybercriminals and their tools to advance their goals, according to a Google report published Tuesday.
There’s long been overlap between government and criminal cyber operators, but governments are now enjoying the benefits of collaboration and borrowing more, both for the general boons they can provide and in response to some specific conditions, the Google Threat Intelligence Group report concludes.
“Google assesses that resource constraints and operational demands have contributed to Russian cyber espionage groups’ increasing use of free or publicly available malware and tooling, including those commonly employed by criminal actors to conduct their operations,” it states.
The war in Ukraine has driven Russia in particular.
For instance, since the invasion of Ukraine, the Russian military intelligence-sponsored hackers known alternately as APT44, Sandworm and by other names have used cybercriminal malware like Radthief and Warzone, the latter of which was the target of a U.S. operation last year to seize internet domains used to sell it.
But Google has watched similar trends from China, Iran and North Korea. In May of last year, Google saw an Iranian hacking group also using Radthief.
“The vast cybercriminal ecosystem has acted as an accelerant for state-sponsored hacking, providing malware, vulnerabilities, and in some cases full-spectrum operations to states,” said Ben Read, senior manager for the group. “These capabilities can be cheaper and more deniable than those developed directly by a state.”
Sometimes the overlap is more direct. China has used cybercriminal gangs to hide its espionage efforts, for example, Google said.
Other cyber firms, such as Trellix, have likewise noticed an increase in the blurriness of the lines between nation-states and criminals. “Recent evidence suggests an unsettling convergence of tactics, techniques, and even objectives, making it challenging to distinguish between them,” Tomer Shloman, a security researcher at the company, wrote last month.
It all leads to the notion that cybercrime is a threat to national security, not just wallets, according to Google.
“Cybercrime has unquestionably become a critical national security threat to countries around the world,” said Sandra Joyce, vice president of Google Threat Intelligence. “The marketplace at the center of the cybercrime ecosystem has made every actor easily replaceable and the whole problem resilient to disruption.”
You can read the full report on Google’s website.